1. An access system for a computer site, comprising 

a certificate authentication component to verify a user's identity from a digital 
certificate supplied by the user, 

a directory, coupled to the certificate authentication component, to store 
information representative of a plurality of users, said information including an access 
policy for each user, and 

an access control system, coupled to the directory, to restrict access to the user 
based on the access policy associated with the user in the directory. 



2. An access system as in claim 1, wherein the access policy includes information 
representative of a portion of the computer site to which the user is permitted access. 

3. An access system as in claim 1, further comprising 

a certificate authority component, coupled to the certificate authentication 
component, to issue digital certificates to the user. 

4. An access system as in claim 1, further comprising 

a log system, coupled to the certificate authentication component, to record the 
user's actions in the computer site. 



5. An access system as in claim 1, further comprising 

a transaction authentication system, coupled to the certificate authentication 
component, to provide verified records of transactions performed using the computer 
site. 

6. An access system as in claim 5, wherein the transaction authentication system 
includes a digital signing module for validating transactions. 

7. An access system as in claim 1, wherein the computer site is an extranet. 

8. A method of regulating access to a computer site, comprising 

receiving from a user a request to access a computer site or a portion thereof, 

receiving information representative of the user's identity, 

consulting a directory containing information representative of a plurality of 
users, said information including an access policy for each user, to determine whether 
the user is permitted to access the computer site or portion thereof, and 

granting or denying access to the user according to the access policy for the 
user. 



9. A method as in claim 8, wherein consulting a directory includes checking the access 
policy to determine a portion of the computer site to which the user is permitted 
access. 

10. A method as in claim 9, wherein the receiving a request includes receiving a URL 
address for a site within the computer site. 

11. A method as in claim 8, wherein receiving information representative of the user's 
identity includes receiving a password, a retinal scan, a fingerprint, or a document 
capable of being decrypted by a public key. 

12. A method as in claim 8, wherein receiving information representative of the user's 
identity includes receiving a digital certificate. 

13. An access system for a computer site, comprising 

means for verifying a user's identity from a digital certificate supplied by the 
user, 

means, coupled to the means for verifying a user's identity, for storing 
information representative of a plurality of users, said information including an access 
policy for each user, and 

means, coupled to the means for storing information, for restricting access to 
the user based on the access policy associated with the user in the means for storing 
information. 

14. An access system as in claim 13, wherein the means for storing information 
includes information representative of a portion of the computer site to which the user 
is permitted access. 

15. An access system as in claim 13, further comprising 

means, coupled to said means for verifying a user's identity, for issuing digital 
certificates to the user. 

16. An access system as in claim 13, further comprising 

means, coupled to said means for restricting access, for recording the user's 
actions in the computer site. 

17. An access system as in claim 13, further comprising 

means, coupled to said means for verifying a user's identity, for storing 
verified records of transactions performed using the computer site. 